Changelog History
v1.7.0-RC.1
March 01, 2020
v1.7.0-ALPHA.2 Changes
December 05, 2019
- CVE-2019-16768: Internal exception message exposure in login action.
- #10632 [ShopBundle] Logged customer after completing checkout can view order in his account (@Tomanhez)
- #10638 [Behat][Minor] Add a few typehints (@lchrusciel)
- #10643 [Fixture] channel fixture fix (@AdamKasp)
- #10651 removed customer from customer order grid (@AdamKasp)
- #10653 [Order] Added "no payments" label for order without payment (@AdamKasp, @Zales0123)
- #10658 [Payment] Filtering payments by channel (@AdamKasp, @Zales0123)
- #10660 [Fixture] Shipment and payment date are same like order (@AdamKasp)
- #10665 Remove ShippingBundle spec from autoload-dev (@mmenozzi)
- #10666 Test doctrine migrations up & down (@loic425)
- #10670 Fix unnecessarily centered payment (@Zales0123)
- #10674 Add authorize constant to payment transitions (@alexander-schranz)
- #10679 Change channel code to name (@AdamKasp)
- #10687 Add support menu and CTAs (@pjedrzejewski)
- #10694 [Admin][Product] Extract some variant related templates from product show (@GSadee)
- #10699 Admin avatar - fixtures (@AdamKasp)
- #10702 fix order orders grid (@AdamKasp)
- #10707 [Currency] added parameterized currency during installation (, @Jeroen-G)
- #10711 [Docs] update docs. (@AdamKasp)
- #10715 [Fixtures] Add env variable for channel hostname (@GSadee)
- #10718 [Product] Go to edit from product show page (@AdamKasp)
- #10721 Fixed: use_authorize option comparison (@igormukhingmailcom)
- #10723 [Admin][Product] Fix displaying variants on product show page (@GSadee)
- #10731 [Docs] Plugins technical review checklist (@Zales0123)
- #10735 Do not impose a length of two on attribute codes and names (@loevgaard)
- #10736 Channel page rework (@kulczy)
- #10754 clean Twig unused variable (@oallain)
- #10756 Changed visibility to make it usable when extending (@loevgaard)
- #10759 Fix user impersonated listener when impersonating another user resource (@loic425)
- #10783 [Admin] Fix Github issue tracker link (@Zales0123)
- #10791 Allow to define free products (@Zales0123)
- #10796 [Admin][Order] Add promotions to order summary (@GSadee)
- #10803 Add Webpack Encore (@kulczy)
- #10810 [Admin][Order] Remove unnecessary tag (@GSadee)
- #10811 Explicitly list deprecated things in the code & solve Twig deprecations (@pamil)
- #10812 [Shop] Hide shipping costs for orders with virtual products (@GSadee)
- #10814 Make Psalm more aggressive (@pamil)
- #10818 [Payum][Checkout] Pass address data to PayPal after checkout (@Zales0123)
- #10822 Fix typo in TaxonomyElementInterface classname (@pamil)
- #10827 New Webpack approach (@kulczy)
- #10829 Remove Symfony 3.4 support on the master branch (@pamil)
- #10831 [Docs] Theming Guide: Webpack Encore v1 (@CoderMaggie)
- #10833 Change banner (@kulczy)
- #10834 Remove usage of deprecated "Symfony\Component\Config\Definition\Builder\TreeBuilder::root()" (@pamil)
- #10836 Do not use deprecated Symfony events (@pamil)
- #10839 [Psalm] Improve docblocks (@pamil)
- #10840 [Psalm] Treat PossiblyUndefined* and PossiblyFalse* as errors (@pamil)
- #10843 [Psalm] Treat checks from level 5 as errors (@pamil)
- #10845 [Psalm] Fix the build (@pamil)
- #10847 Deprecate Stripe Checkout due to lacking support for SCA (@pamil)
- #10848 Update Webpack docs (@kulczy)
- #10854 [Behat][Admin][Order] Fix scenarios for displaying promotions on master after upmerge (@GSadee)
- #10858 [Psalm] Treat MismatchingDocblockReturnType as errors (@pamil)
- #10859 [Psalm] Treat MethodSignatureMismatch as errors (@pamil)
- #10860 [Channel] channel types (@AdamKasp)
- #10861 Add Bootstrap based theming guide (@kulczy)
- #10873 [Psalm] Fix the build after Symfony 4.4 update (@pamil)
- #10875 Revert changes causing BC break (@pamil)
- #10876 Add warning message to the theming guide (@kulczy)
- #10883 Rework Behat testing from classes/ids to attributes for login and registration pages (@Tomanhez)
- #10885 Add help messages to settings requirements checked in CLI (@akondas)
- #10888 Add missing sass-loader to dependencies (@kulczy)
- #10893 Improve emails templates (@kulczy, @GSadee, @pamil)
- #10894 Add documentation for customising emails per channel (@pamil)
- #10895 Fix misspellings in french fixtures files (@DjLeChuck)
- #10897 Minor fixes - Rework behat tests (@Tomanhez)
- #10900 [Docs] [Channel]Fix docs with channel (@AdamKasp)
v1.7.0-ALPHA.1
December 04, 2019
v1.6.9 Changes
October 20, 2020
- #11369 [Docs] Don't use $HOME in SymfonyCloud deployment cookbook (@tucksaun)
- #11387 Remove the doc reference to a promotion action that no longer exists in Core. (@gabiudrescu)
- #11391 Fallback to the locale code if the associated name isn't found (@dunglas)
- #11390 Bug #9738 Fix nested form collections (@vic-blt)
- #11403 Fix Autolabeler configuration (@Zales0123)
- #11416 doc : add the composer dump-autoload instruction (@davidroberto)
- #11450 [Docs] Enable redirections on ReadTheDocs (@pamil)
- #11452 [Docs] Fix redirection for backwards compatibility promise (@pamil)
- #11944 [Shop] Disabling customer when email has been changed (@lchrusciel)
v1.6.8 Changes
April 21, 2020
- #11018 Fix: Check PropertyPath value for add error to form (@Coosos)
- #11191 Separated order items subtotal calculation logic from twig extension (@4c0n)
- #11341 [Maintenance] Upgrade packages dependencies & fix 1.6 build (@lchrusciel)
- #11342 [Maintenance] Remove memory swap (@lchrusciel)
- #11346 [ADMIN] fix closed gateway config field in payment method form (@bigboss86)
- #11363 Introduce Probot Autolabeler (@Zales0123)
- #11364 fix #11362 : ignore channel locale listener on profiler routes (@thi3rry)
- #11380 Use !default for SCSS variables to allow overriding them (@pamil)
v1.6.7
March 31, 2020
v1.6.6
February 28, 2020
v1.6.5 Changes
January 27, 2020
CVE-2020-5218: Ability to switch channels via GET parameter enabled in production environments
Please refer to the original security advisory for the most updated information.
Impact:
This vulnerability gives the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when %kernel.debug% is set to true. However, if sylius_channel.debug is not set explicitly in the configuration, the default value, which is %kernel.debug%, is not resolved before it is cast to boolean, enabling this debug feature even if that parameter is set to false.
Patches:
A patch has been provided for Sylius 1.3.x and newer: 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.
Workarounds:
Unsupported versions could be patched by adding the following configuration to run in production:
    sylius_channel:
        debug: false
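The flaw described in this advisory, reduced to a simplified PHP model (an added example, not Sylius code; the function names, the PARAMETERS map and the DEFAULT_DEBUG constant are assumptions made for illustration). It compares casting the unresolved placeholder with resolving it first, for both an unset debug key and the explicit debug: false workaround.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins (assumptions, not Sylius internals): the container
// parameters of a production kernel and the default used when the
// sylius_channel.debug key is absent from the configuration.
const PARAMETERS = ['kernel.debug' => false];
const DEFAULT_DEBUG = '%kernel.debug%';

/** Replace a whole-string "%name%" placeholder with its parameter value. */
function resolveParameter($value, array $parameters)
{
    if (is_string($value)
        && preg_match('/^%([^%\s]+)%$/', $value, $m)
        && array_key_exists($m[1], $parameters)) {
        return $parameters[$m[1]];
    }
    return $value;
}

/** Flawed path: the raw value is cast, and any non-empty string is true. */
function channelDebugFlawed(array $config): bool
{
    return (bool) ($config['debug'] ?? DEFAULT_DEBUG);
}

/** Corrected path: resolve the placeholder first, then cast. */
function channelDebugResolved(array $config, array $parameters): bool
{
    return (bool) resolveParameter($config['debug'] ?? DEFAULT_DEBUG, $parameters);
}

// Two configurations: key left unset, and the explicit workaround.
$cases = [
    'debug key unset'           => [],
    'debug: false (workaround)' => ['debug' => false],
];

foreach ($cases as $label => $config) {
    printf(
        "%-28s flawed=%s resolved=%s\n",
        $label,
        var_export(channelDebugFlawed($config), true),
        var_export(channelDebugResolved($config, PARAMETERS), true)
    );
}
```

Only the "debug key unset" row differs between the two columns, which is why setting the key explicitly works as a mitigation on unpatched versions.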
Details
- #10296 Product show page (@kulczy, @AdamKasp)
- #10342 [Fixture] Togglable default locale loading (@lchrusciel)
- #10355 Adding a coupon generator command (@mamazu)
- #10361 Change master branch to v1.6.0-DEV (@pamil)
- #10382 [Admin][Shipment] Add filtering shipments by a channel (@Tomanhez, @GSadee)
- #10383 [Behat] Make feature filenames consistent with others (@GSadee)
- #10388 Fix product show page margins (@kulczy)
- #10391 [Admin][Product] Show page fixes (@AdamKasp)
- #10392 improved code quality (@oallain)
- #10393 [Docs] Describe available configuration options for locale fixture (@lchrusciel)
- #10396 [Admin] Avoid javascript in saving positions (@Zales0123)
- #10399 Add info into install command about need of setting the locale in symfony config ()
- #10400 Add discounts and totals in the cart (@kulczy, @bartoszpietrzak1994)
- #10406 [Fixtures] Added random generated order complete date (@AdamKasp)
- #10409 Create SECURITY.md (@gabiudrescu, @pamil)
- #10417 [Admin] Order summary UI + discounts and taxes viewing logic (@kulczy, @AdamKasp)
- #10419 Add prices and discounts to the order summary box (@kulczy)
- #10420 Change order summary table (@kulczy, @AdamKasp)
- #10429 Add admin user avatar placeholder (@kulczy)
- #10438 Keep all prices in the same currency in checkout (@pamil)
- #10441 [Inventory][Product] Move inventory to new tab (@AdamKasp)
- #10442 Add an alert about unsaved changes (@kulczy)
- #10443 Unify shipping row on the order summary table (@kulczy)
- #10444 Change dashboard view (@kulczy, @pamil)
- #10449 Administrator's avatar (@Tomanhez, @Zales0123)
- #10451 [Admin] Add possibility to configure custom index route in routing (@GSadee)
- #10453 Fix deprecation notice (@loevgaard)
- #10455 Improve admin product show page UI (@kulczy, @AdamKasp, @GSadee)
- #10456 Make image uploader easier to customize (@Zales0123, @pamil)
- #10460 AvatarImage Doctrine mapping fix (@bartoszpietrzak1994)
- #10461 Fix product show page elements (@kulczy)
- #10467 Drop support for Symfony 4.1 and 4.2 (@pamil)
- #10471 Add footer with Sylius version to the admin panel (@kulczy)
- #10472 [Admin] Index of payments (@Tomanhez)
- #10477 Improve bulk actions (@kulczy, @AdamKasp)
- #10482 [Promotion] Fix Action creation doc (@pierre-H)
- #10483 [Admin]Admin choose channel in product show page (@Tomanhez)
- #10484 [Admin] Minor fixes payment shipment (@Tomanhez)
- #10485 [Promotion] Coupon prefix and suffix (@Zales0123)
- #10491 [Admin] Form validation error (@Tomanhez)
- #10497 Minor Fixes - Admin choose channel in product show page (@Tomanhez)
- #10499 [Admin] Fix css file (@GSadee)
- #10510 Add avatar preview (@kulczy)
- #10514 [Admin] In sections : edit variant and edit product add button product show page in shop (@Tomanhez)
- #10516 Fix Psalm false-positives (@pamil)
- #10518 [Admin] Unify order link in Orders, Payments, Shipments (@Tomanhez)
- #10520 [Admin] Unify payment and shipment labels (@GSadee)
- #10521 [Admin][Product] Disable show in shop button when product is disabled (@GSadee)
- #10522 Fix 'disabled' label (@kulczy)
- #10529 [Fixtures] Improve fixtures. (@AdamKasp)
- #10531 Improve filters UI (@kulczy)
- #10534 [Fixtures] Variant name now is concatenated options value. (@AdamKasp)
- #10536 [Docs] Make Plugins and Plugin Development Guide more visible (@CoderMaggie)
- #10539 [Fixtures] Add tax category to product. (@AdamKasp)
- #10541 Update README.md (@AdamKasp)
- #10542 [Fixtures] Product fixtures in yaml. (@AdamKasp)
- #10546 Improve filters (@kulczy)
- #10547 [Admin] Remove avatar (@Tomanhez)
- #10552 [Order] Change OrderItemController methods to protected (@Zales0123)
- #10555 [Admin][AdminUser] Improvements for removing an avatar (@GSadee)
- #10560 [Behat][AdminUser] Fix filename typo (@GSadee)
- #10562 Avoid js when removing product from cart (@Zales0123)
- #10570 [Fixtures] Added 'tracked' field to product fixture configuration (@AdamKasp)
- #10572 [Fixtures] Minor fixes. (@AdamKasp)
- #10576 [Fixtures] Jeans attributes names fix (@CoderMaggie)
- #10580 [Admin][Order] Change item to unit discount on summary page (@GSadee)
- #10587 Avoid BC break in ProductExampleFactory (@Zales0123)
- #10588 [AdminBundle] Payments & Shipments index pages sortable by date (@Tomanhez)
- #10594 [CoreBundle] Fixtures creating SimpleProduct, remove options from caps (@Tomanhez)
- #10595 Use {{ limit }} to allow min/max value update (@Prometee)
- #10596 [Documentation][Contribution] Improve doc contribution guide (@lchrusciel)
- #10597 [AdminBundle] Extract logo to separate twig file (@Tomanhez)
- #10606 [Admin][Payment] Not displaying payments in cart state on the list (@GSadee)
- #10614 [AdminBundle] Uncoupled AdminBundle with ShopBundle (@Tomanhez)
- #10615 [HOTFIX] [Behat] Fix tax extraction (@lchrusciel)
- #10616 [Fixture] Make order fixture more flexible (@TiMESPLiNTER, @AdamKasp)
- #10617 Provide an upgrade guide for v1.6.0 (@pamil)
- #10619 Sending email after ship shipment on grid (@AdamKasp)
- #10620 Fix bug after rebase (@AdamKasp)
- #10621 Fix email after complete payment via grid (@AdamKasp)
- #10627 Use fallback locale as default for the new administrators (@pamil)
- #10628 Fix OrderExampleFactory (@Zales0123)
- #10630 [HotFix] Proper order of arguments (@lchrusciel)
- #10631 [Core] Improved fixture example factory (@lchrusciel)
- #10636 [Admin] Proper tests for shipment mailing (@lchrusciel)
- #10639 [Admin] Fix sorting on customer orders list (@lchrusciel)
- #10640 Revert "[Admin][Shipment] Add filtering shipments by a channel" (@lchrusciel)
- #10642 [Admin][Shipment] Add filtering shipments by a channel (@Tomanhez, @GSadee)
- #10695 [Admin][Product] Fix displayed stocks on product show page (@GSadee)
- #10700 [Promotion] Remove coupling to core (@lchrusciel)
- #10716 Minor fixtures fixes (@AdamKasp)
- #10733 Fix 10719 infinite order fixture loading (@igormukhingmailcom)
- #10744 [Documentation][Book] Invoices (@CoderMaggie)
- #10747 Remove flashing from the bulk button (@kulczy)
- #10760 Add JQuery Dirtyforms in UPGRADE-1.6.md (@maximehuran)
- #10784 [Docs] Installation guide update (@lchrusciel)
- #10837 Remove unused templating engine from RemoveAvatarAction (@pamil)
- #10842 [Docs] Update core team (@lchrusciel)
- #10844 Clarify BC promise for final controllers (@pamil)
- #10853 [Behat][Admin][Order] Fix scenarios for displaying promotions on 1.6 after upmerge (@GSadee)
- #10865 [Admin][Promotion] Fix the prevention of generating too many coupons (@GSadee)
- #10884 [Plugins][Docs] Plugin technical requirements changes (@Zales0123)
- #10889 [Fixtures] Update product names (@CoderMaggie)
- #10890 Fix build - remove redundant validation message part (@Zales0123)
- #11046 [Docs] Update sensio.sphinx (@Tomanhez)
- #11060 Fixed typo in services comment (@codreanulaurentiu)
- #11061 [Documentation] Backport of #11054 to 1.6 (@lchrusciel)
v1.6.4 Changes
December 05, 2019
CVE-2019-16768: Internal exception message exposure in login action.
Details:
Exception messages from internal exceptions (such as a database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to the UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when they try to log into the shop.
Solution:
This release patches the reported vulnerability. The src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig file from Sylius should be overridden and {{ messages.error(last_error.message) }} changed to {{ messages.error(last_error.messageKey) }}.
Details
- #10835 Improve deprecation message for "Sylius\Bundle\CoreBundle\Application\Kernel" (@pamil)
- #10837 Remove unused templating engine from RemoveAvatarAction (@pamil)
- #10841 [Docs] Include link to ShopApi docs to REST API Reference (@Zales0123)
- #10842 [Docs] Update core team (@lchrusciel)
- #10844 Clarify BC promise for final controllers (@pamil)
- #10846 [Order] Include order unit promotion adjustments and order item promotion adjustments in order promotion total (@Tomanhez)
- #10849 Move ShopApi reference to main menu (@Zales0123)
- #10853 [Behat][Admin][Order] Fix scenarios for displaying promotions on 1.6 after upmerge (@GSadee)
- #10855 [Docs] Open external links in a new tab (@Zales0123)
- #10857 Change readme banner (@kulczy)
- #10865 [Admin][Promotion] Fix the prevention of generating too many coupons (@GSadee)
- #10880 [Promotion] Improve coupon generation validation message (@GSadee)
- #10881 Add docs banner (@kulczy)
- #10889 [Fixtures] Update product names (@CoderMaggie)
- #10890 Fix build - remove redundant validation message part (@Zales0123)
- #10891 Update release process docs for 1.2 (@pamil)
v1.6.3
December 04, 2019